Other than the management WEBgui: NO.
And you don't want anybody but an admin to surf to a firewall.

On the other hand, under the hood is a FreeBDS 6.2 install. You can do whatever you want…

I think the pfSense server redirects the port 21 traffic to its own server, and not to NAT. I see this when I nmap scanned the server from WAN, where port 21 is open to the pfSense server itself all the time

Thank you very much -)
Especially I liked "port is a port" -)))

I apologize for the length of my post.  I was trying to give as much detail as possible.  I hadn't actually checked back on this topic until today but I did want to let everyone know I have managed to get the interface working, just not quite in the configuration I wanted.

I had to leave my Netopia configured the same as it was previously - establishing the PPPoE connection and doing the default NAT, with its ethernet interface set up as a gateway.  PF I set both interfaces to a static IP and the WAN pointed to the Netopia gateway.  I've also left the automatic NAT rules on, not even messing with NAT.  Everything works!  I can see traffic going across the nice graph interface and have begun to try a couple of firewall rules.

It isn't quite the way I was hoping the configuration would be set up, but so far since it's working fine and I've been able to test blocking addresses locally, it seems to be doing the job.  Many thanks.

Hint: Use aliases if you don't want to change multiple settings.  ;)

Hi,
I succeeded into making a similar config up and running.
I had to add Firewall rules on the OPT1 to allow traffic to 192.168.1.231

jy  :)

@Cry:

This has previously been discussed, if you searched the archive you'd already have the answer.

Firewall -> NAT -> Port Forward

Assuming you're trying to direct all systems on the LAN to an external mail server on an alternate port, pick LAN as the interface, "any" as the external address, 25 as the external port range, the public mail server's IP as the NAT IP and 2525 as the "local port".

Thanks. I didn't guessed this used in such way.

NAT through IPSEC won't work. There even has been a bounty for such a feature but the problem is that the traffic goes into the tunnel before we could even send it throgh NAT the way it is implemented into freebsd. There is no way to do this currently.

search "ping VIP" –> http://forum.pfsense.org/index.php/topic,4499.0.html

Afaik you cant ping PARP VIP's.
Use CARP VIP's instead (even if you dont use CARP-functions)

I found what problem. but need help
1. if i have this cheme. all NAT working
workstation (ip 10.0.0.30) –--->pfSense/bridge(10.0.0.3)----->cisco1700(10.0.0.1)
gw 10.0.0.3 <=-

2. but on this scheme Nat not worked
workstation (ip 10.0.0.30) ----->pfSense/bridge(10.0.0.3)----->cisco1700(10.0.0.1)
gw 10.0.0.1 <=-

What i can do in 2 scheme for working NAT?

Thank you dotdash,

I had an error in my thinking… I did have the private natted LAN set to use the FW lan ip as the GW.

I will go back and double check everything now and reset the default LAN allow rule.

ok thanks for the help

I Alread Try to put the 78.10.1.97/28 addres in the Lan and conect other computer to a OPT1 and make a rule to pass all trafic from that OPT1 to the Banck Address Thru the lan  but the VPN not Estabilish. The vpn only work when that especific address is in My network

I didnt notice before but dotdash is right.

With PARP you need to specify the correct IP with /32 If you want to map only one IP. With CARP you need to specify the actual CIDR subnet of the IP in your case /29.

PARP should work in your case too but if you want to run services on the pfSense on this VIP you should use CARP.

You can do this with a properly configured apache.
But not with pfSense directly.

that fixed it, thanks man :)